
A Guide to HIPAA and HITECH for Dermatology Manual

Learn the step-by-step approach to understanding, implementing and complying with the HIPAA Privacy and Security Rules. Includes customizable tools and templates you can use and quickly apply to your practice!
Item # PME20
  • Overview

    Ensure your practice is compliant with the final HIPAA regulations aimed at strengthening privacy and security protections of health information.
    A Guide to HIPAA and HITECH for Dermatology outlines HIPAA compliance obligations for privacy, security, breach notification rules, and much more.

    This manual includes:
    • Obligations and liabilities of business associates and subcontractors
    • Breach notification requirements
    • What happens if protected health information is disclosed through an EHR
    • Stronger enforcement of HIPAA/HITECH violations and imposition of penalties
    • Updated privacy practice form

    Complimentary eBook along with customizable policy and procedure templates available on Your Account page after purchase. Sample forms on CD-ROM also included with manual.

  • Specifications
    # of pages: 225
    Publisher: American Academy of Dermatology
    Templates and sample forms included on CD
    Format: Perfect Bound
    Item#: PME20

  • Table of Contents
    1. PART 1: Step-By-Step Guide to the Privacy Rule
      • STEP 1: Read the Overview of the Privacy Rule
      • STEP 2: Select a Privacy Officer
      • STEP 3: Review and Implement Privacy Officer Responsibilities
        • Exhibit P1: Privacy Officer Job Responsibilities
      • STEP 4: Conduct a Walk-Through of the Practice to Identify Privacy Risk Areas
        • Exhibit P2: Internal Privacy Checklist
      • STEP 5: Implement a Notice of Privacy Practices
        • Exhibit P3: Notice of Privacy Practices
      • STEP 6: Implement a Written Acknowledgement Process
        • Exhibit P4: Receipt of Notice of Privacy Practices Written Acknowledgement Form
      • STEP 7: Implement Privacy Policies and Procedures
        • Exhibit P5: Sample Privacy Policies and Procedures
      • STEP 8: Implement a Patient Authorization Form
        • Exhibit P6: Patient Authorization for Practice to Release Protected Health Information
        • Exhibit P7: Illustrations of Situations Requiring/Not Requiring Authorization
      • STEP 9: Implement a Form Requesting Restrictions on Uses and Disclosures of PHI
      • STEP 9A: Receipt of Requests for Confidential Communications of PHI
        • Exhibit P8: Request for Limitations and Restrictions of Protected Health Information (PHI)
      • STEP 10: Implement a Form to Inspect and Copy PHI
        • Exhibit P9: Request to Inspect and Copy Protected Health Information
      • STEP 11: Implement Access Denial Form
        • Exhibit P10: Patient Denial Letter
      • STEP 12: Implement a Form to Amend PHI
        • Exhibit P11: Request for Correction/Amendment of Protected Health Information
      • STEP 13: Implement a Form to Receive an Accounting of Certain Disclosures of PHI for Non-TPO Purposes
        • Exhibit P12: Request for an Accounting of Certain Disclosures of Protected Health Information
      • STEP 14: Implement a Log to Track Disclosures of PHI
        • Exhibit P13: Log to Track Disclosures of Protected Health Information (PHI)
      • STEP 15: Implement Patient Complaint Forms
        • Exhibit P14: Patient Complaint Form
      • STEP 16: Determine Who Can Use and Disclose PHI
      • STEP 17: Update or Develop Job Descriptions with Respect to PHI Use and Disclosure
      • STEP 18: Develop a List of Your Business Associates
        • Exhibit P15: Listing of Typical Business Associates In Terms of the Privacy Rule
        • Exhibit P16: A Medical Practice Guide for the Privacy Officer to Identify Business Associates
      • STEP 19: Implement Business Associate Agreements
        • Exhibit P17: Business Associate Agreement
      • STEP 20: Train All Physicians and Staff on Privacy Policies and Notice of Privacy Practices
        • Exhibit P18: Privacy Policy Training Checklist
      • STEP 21: Document Physician and Staff Training for Privacy Rule
        • Exhibit P19: Training Documentation Form for Privacy Rule
      • STEP 22: Obtain Signed Workforce Confidentiality Agreements from All Physicians and Staff
        • Exhibit P20: Workforce Confidentiality Agreement
      • STEP 23: Monitor Compliance with the Privacy Rule
        • Exhibit P21: Privacy Officer’s Incident Event Log
      • STEP 24: Breach Notification Requirements
        • Exhibit P22: Breach Notification Policy
        • Exhibit P23: Breach Notification Letter
        • Exhibit P24: Breach Notification Log
        • Exhibit P25: Model Opt-Out Language
    2. PART 2: Step-By-Step Guide to the Security Rule
      • STEP 1: Read the Overview of the Security Rule
      • STEP 2: Appoint a Security Official/Prepare & Implement Job Responsibilities
        • Exhibit S1: Security Official Job Responsibilities
      • STEP 3: Perform a Risk Analysis
        • Exhibit S2: HIPAA Security Rule Standards Matrix and Risk Analysis
      • STEP 4: Determine if Computer System is Capable of Providing Electronic/Audit Trails; Implement Audit Control Policies & Procedures
        • Exhibit S3: Sample Audit Trails Policy and Procedures
        • Exhibit S4: Sample Event Record
      • STEP 5: Develop Workforce Clearance Procedures and Means of Implementing Clearance Requirements for Employees who Access EPHI
      • STEP 6: Design and Implement User Identification and Authentication Policies and Procedures for Electronic Information Systems
        • Exhibit S5: Security Official Job Responsibilities
      • STEP 7: Implement Automatic Log-Off Processes
      • STEP 8: Implement Transmission Security/Encryption Technology
      • STEP 9: Install Protection from Malicious Software; Report Security Incidents
        • Exhibit S6: Sample Anti-Virus Policies and Procedures
        • Exhibit S7: Security Incident Report
      • STEP 10: Implement Firewall Technology
      • STEP 11: Review and Implement Computer Backup Policies and Procedures
        • Exhibit S8: Sample Backup Policy and Procedures
      • STEP 12: Develop Security Incident Policies and Procedures
        • Exhibit S9: Sample Security Incident Policy and Procedures
        • Exhibit S10: Sample Security Incident Log
      • STEP 13: Implement Facility Maintenance Log
        • Exhibit S11: Facility Maintenance Log
      • STEP 14: Develop Facility Security and Contingency Plans
        • Exhibit S12: Sample Contingency Policy and Procedure
        • Exhibit S13: Contingency Plan Steps
      • STEP 15: Develop a List of Business Associates and Implement Agreements
        • Exhibit S14: Listing of Typical Business Associates In Terms of the Security Rule
        • Exhibit S15: A Medical Practice Guide for the Security Official to Identify Business Associates that Access PHI
      • STEP 16: Create Computer Workstation Use Policies and Procedures
        • Exhibit S16: Sample Policy and Procedures on Workstation Use
      • STEP 17: Document and Train All Physicians and Staff on the Security Policies and Procedures
        • Exhibit S17: Security Policy Training Checklist
        • Exhibit S18: Training Documentation Form For Security Rule
      • STEP 18: Obtain Signed Workforce Confidentiality Agreements from All Physicians and Staff
      • STEP 19: Monitor Compliance with the Security Rule
      • STEP 20: Evaluate All Policies and Procedures Periodically
      • STEP 21: Create Workforce Termination Procedures
        • Exhibit S19: Sample Workforce Termination Procedures
        • Exhibit S20: Workforce Termination Checklist
      • STEP 22: Implement a Sanction Policy for Workforce Members Who Violate Security Policies and Procedures
        • Exhibit S21: Sample Sanction Policy
    3. Appendix 1: Frequently Asked Questions
    4. Appendix 2: HIPAA Resources
    5. Appendix 3: Facsimile Transmittal
    6. Appendix 4: Forms Checklist
    7. Appendix 5: Patient Consent Form (OPTIONAL)
    8. Appendix 6: Patient Consent for Use and Disclosure of Protected Health Information (OPTIONAL)
    9. Appendix 7: Determine Whether Your Practice Uses and Discloses PHI for Research Purposes
    10. Appendix 8: Implement a Data Use Agreement
    11. Appendix 9: Determine Whether Your Practice Participates in an Organized Health Care Arrangement (OHCA)
    12. Appendix 10: Addressable Specifications
    13. Appendix 11: Security Standard Scalability Example
    14. Glossary